WO2002096028A1 - Systeme de detection d'intrusion reseau - Google Patents

Systeme de detection d'intrusion reseau Download PDF

Info

Publication number
WO2002096028A1
WO2002096028A1 PCT/KR2002/000891 KR0200891W WO02096028A1 WO 2002096028 A1 WO2002096028 A1 WO 2002096028A1 KR 0200891 W KR0200891 W KR 0200891W WO 02096028 A1 WO02096028 A1 WO 02096028A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
interface card
network interface
response
detection system
Prior art date
Application number
PCT/KR2002/000891
Other languages
English (en)
Inventor
Dong-Hun Han
Original Assignee
Inzen Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inzen Co., Ltd. filed Critical Inzen Co., Ltd.
Publication of WO2002096028A1 publication Critical patent/WO2002096028A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/22Arrangements for preventing the taking of data from a data transmission channel without authorisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Definitions

  • the present invention relates to a network-based intrusion detection system (NIDS) , and more particularly to a network interface card configuration of an NIDS which analyzes all traffic flowing through a network, detects dangerous or potentially dangerous activities as a result of the analysis and interrupts the detected activities.
  • NIDS network-based intrusion detection system
  • a network-based intrusion detection system generally functions to analyze all traffic flowing through a network, detect dangerous or potentially dangerous activities as a result of the analysis, interrupt the detected activities and inform a manager of the activity interruption .
  • Such activity interruption may be roughly classified into two operations .
  • One is called a suspicious network activity (SNA) operation, which hinders "low level scanning/attack" using fundamental vulnerabilities of a transmission control protocol/Internet protocol (TCP/IP) , such as a vulnerability analysis, network service search, operating system type determination, denial of service (DoS) attack, etc.
  • TCP/IP transmission control protocol/Internet protocol
  • DoS denial of service
  • Both these two operations are performed by sending network packets with specific functions to corresponding networks or hosts .
  • both the SNA operation and session kill operation can be conducted under the condition that the NIDS is able to send a packet to a corresponding network or host .
  • Fig. 1 is a block diagram showing the construction of a conventional network-based intrusion detection system employing an L2 switch supported with only a forwarding function.
  • the conventional network-based intrusion detection system is adapted to receive a packet from a network through a network interface card (NIC) , analyze the contents of the received packet and send a packet to the network to forcibly terminate a specific session if necessary.
  • NIC network interface card
  • a plurality of NICs may be provided in the NIDS although one NIC is shown in Fig. 1 to be provided in the NIDS.
  • SNA session kill
  • a packet cannot be sent to the network if the network equipment has a port connected to a packet collection NIC (monitoring NIC) in the NIDS for transferring a packet in a forwarding manner, not in a mirroring manner.
  • NIC monitoring NIC
  • the NIDS performs packet sending and receiving operations through the same NIC, it sends a packet from the NIC to a forwarding port on the network. In this case, the sent packet does not actually arrive at the network, thereby making it impossible to actively prevent hacking.
  • the present invention has been made in view of the above problems, and it is an object of the present invention to provide a network-based intrusion detection system (NIDS) which is capable of overcoming limitations of network associated hardware by actively interrupting and hindering intrusion attempts, irrespective of a network configuration type, upon detecting network intrusions such as hacking, service attacks, scanning, etc.
  • NIDS network-based intrusion detection system
  • NIDS network-based intrusion detection system
  • a network-based intrusion detection system for analyzing all traffic flowing through a network, detecting dangerous or potentially dangerous activities as a result of the analysis and performing a suspicious network activity operation and a session kill operation with respect to the detected activities to interrupt and prevent hacking
  • the network- based intrusion detection system comprising at least one first-type network interface card module, the first-type network interface card module including: a monitoring network interface card for collecting packets of traffic to be analyzed from the network; and a response network interface card for sending a packet for execution of the suspicious network activity operation and session kill operation to the network.
  • the network-based intrusion detection system may further comprise at least one second-type network interface card module, the second-type network interface card module including only one monitoring network interface card for collecting packets of traffic to be analyzed from the network. More preferably, the second-type network interface card module may share the response network interface card of the first-type network interface card module with the first- type network interface card module, the response network interface card including network response environment information of the second-type network interface card module in order to send to the network response packets to the packets collected by the monitoring network interface card of the second-type network interface card module.
  • the network-based intrusion detection system may further comprise a response gateway for routing the packets for execution of the suspicious network activity operation and session kill operation from the response network interface card to the network.
  • the monitoring network interface card and response network interface card of the first-type network interface card module may be configured to be integral with each other.
  • the monitoring network interface card and response network interface card of the first-type network interface card module may be configured separately from each other.
  • Fig. 1 is a block diagram showing the construction of a conventional network-based intrusion detection system employing an L2 switch supported with only a forwarding function;
  • Fig. 2 is a block diagram showing a preferred embodiment of a network-based intrusion detection system in accordance with the present invention
  • Fig. 3 is a block diagram showing an alternative embodiment of the network-based intrusion detection system in accordance with the present invention.
  • Fig. 4 is a schematic view of a setup program of the network-based intrusion detection system in accordance with the present invention.
  • Fig. 2 is a block diagram showing a preferred embodiment of a network-based intrusion detection system (NIDS) in accordance with the present invention, which is denoted by the reference numeral 100.
  • NIDS network-based intrusion detection system
  • the NIDS 100 comprises three intrusion detection modules.
  • a network interface card for collecting packets of traffic to be analyzed from a network will be referred to as a monitoring NIC
  • a network interface card for sending a packet for execution of a suspicious network activity (SNA) operation and session kill operation to the network will be referred to as a response NIC (RN) .
  • SNA suspicious network activity
  • RN response NIC
  • the first module is a network interface card module 110 including a monitoring NIC and a response NIC which is integral with the monitoring NIC.
  • the monitoring NIC is adapted to collect packets of traffic to be analyzed from a network 1 200a
  • the response NIC is adapted to send a packet for execution of the SNA operation and session kill operation to the network 1 200a.
  • the network interface card module 110 performs both the operations of the monitoring NIC and response NIC.
  • the network interface card module 110 collects packets of traffic to be analyzed from the network 1 200a via the same network interface card, and sends a packet for execution of the SNA operation and session kill operation to the network 1 200a via the same network interface card.
  • the second module is a network interface card module including a monitoring NIC 120a and a response NIC 120b, individually.
  • the monitoring NIC 120a is adapted to collect packets of traffic to be analyzed from a network 2 200b
  • the response NIC 120b is adapted to send a packet for execution of the SNA operation and session kill operation to the network 2 200b.
  • the second module collects packets of traffic to be analyzed from the network 2 200b via the monitoring NIC 120a, and sends a packet for execution of the SNA operation and session kill operation to the network 2 200b via the response NIC 120b which is configured separately from the monitoring NIC 120a.
  • the third module is a network interface card module including only one monitoring NIC 130a for collecting packets of traffic to be analyzed from a network 3 200c. This third module shares the response NIC 120b with the second module to send a packet for execution of the SNA operation and session kill operation to the network 3 200c.
  • the third module collects packets of traffic to be analyzed from the network 3 200c via the monitoring NIC 130a, and sends a packet for execution of the SNA operation and session kill operation to the network 3 200c via the response NIC 120b of the second module.
  • the shared response NIC 120b must have information about a response scheme of the monitoring NIC 130a in order to send a packet in a proper manner.
  • Fig. 3 is a block diagram showing an alternative embodiment of the network-based intrusion detection system in accordance with the present invention.
  • the network-based intrusion detection system 100 further comprises a response gateway 300 for routing a response packet .
  • the network-based intrusion detection system 100 routes and sends a packet for execution of the SNA operation and session kill operation from a response NIC therein to a network through the response gateway 300.
  • the response operation can be performed according to the router's ability.
  • the network-based intrusion detection system 100 pairs a monitoring NIC and a response NIC and determines a packet sending mode, with respect to each of the above modules, and collects information necessary for packet sending in the determined mode, for example, destination media access control (MAC) addresses which are hardware addresses of devices connected to a shared medium of a packet destination.
  • MAC media access control
  • the network-based intrusion detection system 100 determines from settings one of the response NICs through which a packet will be sent, and sends the packet to a MAC address of a corresponding destination through the determined response NIC. In order for a packet to arrive at a specific host in an Ethernet environment, the network-based intrusion detection system must recognize a destination MAC address.
  • This MAC address may be a MAC address of a gateway for sending a packet to a different network, or a MAC address of a host connected to a subnet of the same Ethernet .
  • a response NIC may designate a MAC address of a specific host corresponding to an IP address, or a self-MAC address of the response NIC as a source MAC address of a packet to be sent.
  • the MAC addresses may be roughly classified into two types, a source MAC address and a destination MAC address.
  • the source MAC address is a MAC address of a packet sending NIC
  • the destination MAC address is a MAC address of a packet receiving NIC.
  • An RN may selectively use three types of source MAC addresses when sending a packet.
  • the first type is an original MAC address.
  • the RN is connected to, for example, a dummy hub.
  • the dummy hub is not influenced by any MAC address at all, so a MAC address corresponding to an IP address may be used. In this regard, it is most preferable to use an original MAC address to produce no side effect.
  • the second type is a self-MAC address of the RN.
  • the RN is connected to, for example, an L2 switch. Because the L2 switch performs a switching operation in response to a MAC address, a problem may occur when a MAC address of a different computer is used.
  • the self-MAC address of the RN may be unable to be used where a MAC address variation detection host, intrusion detection system (IDS) or firewall is provided. In this case, however, the self-MAC address of the RN can be used by removing the MAC address variation detection function from a corresponding NIDS or firewall .
  • IDS intrusion detection system
  • the third type is a specific MAC address, which is used for a specific purpose or as needed. In this case, there must be designated a MAC address which is to be used.
  • the RN may selectively use three types of destination MAC addresses when sending a packet .
  • the first type is an original MAC address. In this case, the RN is connected to a dummy hub. The dummy hub is not influenced by any MAC address at all, so a MAC address corresponding to an IP address may be used. In this regard, it is most preferable to use an original MAC address to produce no side effect .
  • the second type is a MAC address of a response gateway.
  • ARP address resolution protocol
  • a MAC address of the response gateway obtained as a result of the processing, is used as a destination MAC address to send a packet.
  • the third type is a specific MAC address, which is used for a specific purpose or as needed. In this case, there must be designated a MAC address which is to be used.
  • each response NIC may be set with respect to several monitoring NICs.
  • each response NIC must have setting information for determination of response MAC addresses with respect to one or more monitoring NICs .
  • a response processing module has a mode for selection of MAC addresses with respect to all monitoring NICs associated therewith. Upon receiving a response request, the response processing module determines a MAC address to be used for a corresponding response. This MAC address determination can be made by transferring to a corresponding response NIC information regarding a monitoring NIC through which traffic is received, along with the traffic.
  • Fig. 4 is a schematic view of a setup program of the network-based intrusion detection system in accordance with the present invention.
  • module (n) managers When module (n) managers are initialized, they read their respective settings from a setting file or registry, initialize NIC (n) instances to be used, with the read settings, and store desired information according to the read settings. If a specific one of the module (n) managers requests a corresponding one of the NIC (n) instances to send a packet on the basis of the stored information, the corresponding NIC (n) instance determines a hardware address to be used for the packet sending and performs a response to the request on the basis of the determined hardware address . Therefore, according to the present invention, it is possible to minimize improper measures to hacking, resulting from limitations of network equipment, and to accurately monitor a plurality of networks at the same time.
  • the present invention provides a network-based intrusion detection system which is capable of overcoming limitations of network associated hardware by actively interrupting and hindering intrusion attempts, irrespective of a network configuration type, upon detecting network intrusions such as hacking, service attacks, scanning, etc. Therefore, the present network-based intrusion detection system can minimize improper measures to hacking and accurately monitor a plurality of networks at the same time.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

L'invention concerne un système de détection d'intrusion réseau, comprenant au moins une carte interface réseau (NIC) de contrôle permettant de recueillir des paquets du trafic à analyser à partir d'un réseau, et au moins une carte interface réseau (NIC) de réponse permettant d'envoyer un paquet au réseau, destiné à exécuter une opération réseau suspecte et une opération de mise à mort de session. Le système comprend une pluralité de NIC de contrôle qui analysent le trafic et comprend une pluralité de NIC de réponse en mode individuel ou partagé, respectivement. Le système comprend également une passerelle de réponse destinée à acheminer un paquet entre une NIC de réponse et un réseau, si la NIC de réponse ne peut pas envoyer le paquet directement. Par conséquent, le système de détection d'intrusion en réseau permet d'interrompre et d'empêcher activement toute tentative d'intrusion ne répondant pas au type de configuration réseau lors de la détection d'intrusions dans le réseau, telles que le piratage informatique, les attaques informatiques, le balayage de données, etc., et ainsi de réduire au minimum les mesures irrégulières de piratage et de surveiller avec précision une pluralité de réseaux en même temps.
PCT/KR2002/000891 2001-05-22 2002-05-14 Systeme de detection d'intrusion reseau WO2002096028A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR2001/28052 2001-05-22
KR10-2001-0028052A KR100439950B1 (ko) 2001-05-22 2001-05-22 네트워크 침입탐지 시스템

Publications (1)

Publication Number Publication Date
WO2002096028A1 true WO2002096028A1 (fr) 2002-11-28

Family

ID=19709780

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2002/000891 WO2002096028A1 (fr) 2001-05-22 2002-05-14 Systeme de detection d'intrusion reseau

Country Status (2)

Country Link
KR (1) KR100439950B1 (fr)
WO (1) WO2002096028A1 (fr)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1320800C (zh) * 2003-09-22 2007-06-06 国际商业机器公司 响应入侵的方法和系统
WO2008127422A2 (fr) * 2006-11-14 2008-10-23 Fmr Llc Détection et interdiction d'activité frauduleuse sur réseau
US7577707B2 (en) * 2004-04-21 2009-08-18 International Business Machines Corporation Method, system, and program for executing data transfer requests
US7856494B2 (en) 2006-11-14 2010-12-21 Fmr Llc Detecting and interdicting fraudulent activity on a network
US8145560B2 (en) 2006-11-14 2012-03-27 Fmr Llc Detecting fraudulent activity on a network
US8180873B2 (en) 2006-11-14 2012-05-15 Fmr Llc Detecting fraudulent activity
US8296847B2 (en) * 2003-07-25 2012-10-23 Hewlett-Packard Development Company, L.P. Method of managing utilization of network intrusion detection systems in a dynamic data center

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20030033383A (ko) * 2001-10-22 2003-05-01 주식회사 윈스테크넷 보안 서비스 시스템 및 그 운영 방법
KR100427448B1 (ko) * 2001-12-18 2004-04-14 한국전자통신연구원 라돈-보안게이트웨이 시스템 및 그 보안정책 설정방법과유해트래픽 탐지경보생성방법
KR100456634B1 (ko) * 2002-10-31 2004-11-10 한국전자통신연구원 정책기반 침입 탐지 및 대응을 위한 경보 전달 장치 및 방법
KR100558658B1 (ko) 2003-10-02 2006-03-14 한국전자통신연구원 인-라인 모드 네트워크 침입 탐지/차단 시스템 및 그 방법
KR100596395B1 (ko) 2004-12-16 2006-07-04 한국전자통신연구원 IPv4망과 IPv6망이 공존하는 네트워크 상에서암호화된 유해 트래픽에 대응하는 시스템 및 그 방법
KR100850629B1 (ko) * 2007-02-01 2008-08-05 에스케이 텔레콤주식회사 네트워크에서 전송되는 데이터 패킷을 필터링하는 네트워크인터페이스 카드 및 필터링 방법

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5414833A (en) * 1993-10-27 1995-05-09 International Business Machines Corporation Network security system and method using a parallel finite state machine adaptive active monitor and responder
US5991881A (en) * 1996-11-08 1999-11-23 Harris Corporation Network surveillance system
EP0985995A1 (fr) * 1998-09-09 2000-03-15 International Business Machines Corporation Procédé et appareil de détection d'intrusion dans des ordinateurs et des réseaux d'ordinateurs

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100284485B1 (ko) * 1998-06-15 2001-03-15 신승영 랜(lan)카드
KR200179331Y1 (ko) * 1999-11-16 2000-04-15 이종렬 네트워크 보안기능을 가지는 컴퓨터 시스템
KR20020025408A (ko) * 2000-09-29 2002-04-04 심재윤 내장 허브를 갖는 인터넷 보안 카드
KR20020096194A (ko) * 2001-06-18 2002-12-31 아이에스솔루션(주) 통합보안 네트워크 카드에 의한 네트워크 보안 방법 및시스템
KR100424724B1 (ko) * 2001-07-27 2004-03-27 김상욱 네트워크 흐름 분석에 의한 침입 탐지 장치

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5414833A (en) * 1993-10-27 1995-05-09 International Business Machines Corporation Network security system and method using a parallel finite state machine adaptive active monitor and responder
US5991881A (en) * 1996-11-08 1999-11-23 Harris Corporation Network surveillance system
EP0985995A1 (fr) * 1998-09-09 2000-03-15 International Business Machines Corporation Procédé et appareil de détection d'intrusion dans des ordinateurs et des réseaux d'ordinateurs

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
BISWANATH: "Network intrusion detection", IEEE NETWORK, vol. 83, May 1994 (1994-05-01) - June 1994 (1994-06-01), pages 26 - 41 *
GIOVANNI: "NetSTAT: a network-based intrusion detection approach", IEEE COMPUTER SECURITY APPLICATIONS CONFERENCE 1998. PROCEEDINGS, 14TH ANNUAL, pages 25 - 34 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8296847B2 (en) * 2003-07-25 2012-10-23 Hewlett-Packard Development Company, L.P. Method of managing utilization of network intrusion detection systems in a dynamic data center
CN1320800C (zh) * 2003-09-22 2007-06-06 国际商业机器公司 响应入侵的方法和系统
US7577707B2 (en) * 2004-04-21 2009-08-18 International Business Machines Corporation Method, system, and program for executing data transfer requests
WO2008127422A2 (fr) * 2006-11-14 2008-10-23 Fmr Llc Détection et interdiction d'activité frauduleuse sur réseau
WO2008127422A3 (fr) * 2006-11-14 2009-04-23 Fmr Llc Détection et interdiction d'activité frauduleuse sur réseau
US7856494B2 (en) 2006-11-14 2010-12-21 Fmr Llc Detecting and interdicting fraudulent activity on a network
US8145560B2 (en) 2006-11-14 2012-03-27 Fmr Llc Detecting fraudulent activity on a network
US8180873B2 (en) 2006-11-14 2012-05-15 Fmr Llc Detecting fraudulent activity

Also Published As

Publication number Publication date
KR20020088956A (ko) 2002-11-29
KR100439950B1 (ko) 2004-07-12

Similar Documents

Publication Publication Date Title
US8438241B2 (en) Detecting and protecting against worm traffic on a network
US7467408B1 (en) Method and apparatus for capturing and filtering datagrams for network security monitoring
US6954775B1 (en) Parallel intrusion detection sensors with load balancing for high speed networks
US7120934B2 (en) System, method and apparatus for detecting, identifying and responding to fraudulent requests on a network
US7409712B1 (en) Methods and apparatus for network message traffic redirection
US7707305B2 (en) Methods and apparatus for protecting against overload conditions on nodes of a distributed network
Gao et al. A dos resilient flow-level intrusion detection approach for high-speed networks
US20060256729A1 (en) Method and apparatus for identifying and disabling worms in communication networks
EP1081894A1 (fr) Système pour surveiller un réseau contre le piratage informatique
US20120023552A1 (en) Method for detection of a rogue wireless access point
US8250645B2 (en) Malware detection methods and systems for multiple users sharing common access switch
US20060212572A1 (en) Protecting against malicious traffic
US20050207420A1 (en) Parallel intrusion detection sensors with load balancing for high speed networks
US7596808B1 (en) Zero hop algorithm for network threat identification and mitigation
US8130756B2 (en) Tunnel configuration associated with packet checking in a network
WO2002096028A1 (fr) Systeme de detection d'intrusion reseau
EP1595193B1 (fr) Detection du trafic de vers informatiques et protection contre le trafic de vers informatiques sur un reseau
CA2469885C (fr) Protection contre un trafic malveillant
WO2009064114A2 (fr) Procédé et système de protection destinés à contrer une attaque de déni de service distribué
WO2005026872A2 (fr) Appareil assurant la securite perimetrique interne du reseau local comprenant une carte pci et un logiciel complementaire
JP2004248185A (ja) ネットワークベース分散型サービス拒否攻撃防御システムおよび通信装置
KR20170109949A (ko) 동적 네트워크 환경에서의 네트워크 보안 강화 방법 및 장치
KR100571994B1 (ko) 근원지 아이피 주소 변조 패킷의 탐지 및 패킷 근원지지적 방법
KR100506889B1 (ko) 이중버퍼 구조를 가지는 네트웍 침입탐지 시스템과 그동작방법
JP4753264B2 (ja) ネットワーク攻撃を検出するための方法、装置、およびコンピュータ・プログラム(ネットワーク攻撃の検出)

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP